Security News
GitHub Removes Malicious Pull Requests Targeting Open Source Repositories
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
With the help of this package, you can easily set environment variables for the use in development.
If you're already using a now.json
file or the now
key in package.json
, the env
sub property will be assigned to process.env
automatically.
In addition, you can store secrets locally, that are specific to the development environment.
IMPORTANT: Do not use this package in production. It should only be used locally, while developing. This is because the secrets that you're using locally shouldn't match the ones you use in production (more secure). In production, you should be adding secrets like this.
Firstly, install the package from npm:
yarn add now-env
As the last step, register the helper by loading it:
require('now-env')
That's all, you can now check process.env
for the environment variables!
If your application is running inside Now cloud then this module is not going to do anything and let Now set your environment variables.
Most probably you will want to use secret keys in your now.json
file. This module allow you to use them too without worries in development.
Create a now.json
with some secret defined as @secret-name
, similar to:
{
"env": {
"SECRET": "@my-secret-key",
"ANOTHER_SECRET": "@my-other-secret-key",
"SECRET_FAIL": "@this-is-not-defined"
}
}
Then create a now-secrets.json
with the secrets names and values.
{
"@my-secret-key": "keep-it-secret",
"@my-other-secret-key": "keep-it-secret-too"
}
This file must be ignored to actually keep them secret.
Then when starting your application now-env
will read the now.json
and get the values from now-secrets.json
. If a environment key can't be found in now-secrets.json
(or the file doesn't exists) then is going to use the secret name as value, that means if DB_PASS
is @db_pass
and you don't define it inside now-secrets.json
then the value will be @db_pass
.
Now supports using the env
key as an array of required values you'll need to provide when deploying. This module also allow you to use them in development.
Create a now.json
with the array, similar to:
{
"env": [
"REQUIRED_KEY",
"REQUIRED_SECRET"
]
}
Then create a now-required.json
with the environment keys and values.
{
"REQUIRED_KEY": "required-value",
"REQUIRED_SECRET": "@required-secret"
}
You can also use secrets, for that you will need to create a
now-secrets.json
too.
Then when starting your application now-env
will read the now.json
and get the values from now-required.json
(and now-secrets.json
). If a environment key can't be found in now-required.json
then is going to throw a reference error.
dotenv
If you're already using the dotenv
module you can switch to now-env
easily:
now.json
file with the env
key with every environment variablenow-env
require('dotenv').config()
with require('now-env')
FAQs
Use `now.json` environment variables while developing
The npm package now-env receives a total of 66 weekly downloads. As such, now-env popularity was classified as not popular.
We found that now-env demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 52 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.